Distributed heterogeneous systems play a crucial role in modern computing, enabling scalable, highperformance solutions for artificial intelligence, big data processing, and cloud-based applications. However, their inherent complexity and diverse technological components expose them to significant security risks, particularly in terms of confidential information leakage. This paper presents a novel model for a distributed heterogeneous system that enhances resistance to data breaches by leveraging a multiagent approach. The proposed model integrates autonomous security agents responsible for real-time monitoring, anomaly detection, and dynamic access control. A mathematical framework formalizing agent interactions, decision-making strategies, and information flow is developed. Experimental validation demonstrates the system's resilience against various cyber threats, including SQL injections, malware, phishing, and brute-force attacks. The results indicate that multi-agent-based security mechanisms significantly improve threat detection accuracy and response efficiency, reducing the likelihood of unauthorized data exposure. This research contributes to the development of secure distributed computing environments by providing a scalable, adaptive, and robust architectural solution.
Today, distributed heterogeneous systems play a key role in various fields, as modern computing
tasks require flexibility, scalability and high performance. They have become the basis for cloud
computing, edge and fog computing, as well as for deploying artificial intelligence and big data
processing. In modern business processes and scientific research, there is a growing need for the
interaction of heterogeneous hardware and software platforms. This includes the use of CPUs, GPUs,
FPGAs and other accelerators to efficiently perform resource-intensive tasks. For example, in
financial technology and healthcare, machine learning models process huge amounts of data using
computing resources distributed between cloud platforms and local computing nodes [
IT infrastructure can be considered a distributed heterogeneous system as it consists of multiple
interconnected components, such as servers, networks, storage, and applications, that operate across
different environments. These components often come from
various vendors, use diverse
technologies, and function under different protocols. The distribution aspect arises from the
geographical and logical dispersion of resources, while heterogeneity is evident in the variety of
hardware, software, and data formats. Effective management of such an infrastructure requires
interoperability, standardization, and robust coordination mechanisms to ensure seamless operation
and security [
In distributed heterogeneous systems, data leakage is one of the most serious threats, as such
systems combine heterogeneous hardware and software components operating in different
environments. The main risks of data leakage in such systems are related to the lack of consistency
in security policies, the complexity of access control, the vulnerability of individual nodes, and
possible attacks on the network infrastructure [
Another critical risk is insider threats and unintentional data leaks due to incorrect system configuration or human error. For example, insufficiently secured application programming interfaces (APIs) can become a point of leakage for sensitive information.
Developing a distributed heterogeneous system architecture that is resistant to confidential
information leakage is a critical task in today's environment of heightened cyber threats and growing
data security requirements. Such an architecture should ensure not only efficient resource
management and interaction of various computing platforms, but also comprehensive protection
against potential information leaks at all levels, from hardware to application [
One of the key reasons for the need to build such an architecture is the complexity of modern distributed systems that combine heterogeneous technological components: cloud computing, peripheral nodes, mobile devices, IoT sensors, and specialized computing accelerators (GPU, FPGA). This creates a large number of possible entry points for attackers and increases the risk of uncontrolled data leakage. An important requirement for such an architecture is the implementation of end-to-end data encryption, both during transmission between system nodes and at rest. Additionally, it is necessary to use differentiated access mechanisms based on the Zero Trust model, when no component of the system is considered trusted by default, and access is granted solely on the basis of thorough authentication and authorization. Implementing an architecture that is resistant to confidential information leakage will not only minimize the risk of data loss, but also increase user confidence, meet regulatory requirements and ensure the stability of the system in the face of dynamic threats.
The use of the Multi-Agent Systems (MAS) concept to develop the architecture of a distributed heterogeneous system resistant to confidential information leakage is a promising direction that allows increasing the level of security and adaptability of the systems of IT infrastructure.
The multiagent approach involves the use of autonomous software agents, each of which performs specific functions, has a certain level of autonomy and interacts with other agents to achieve common goals. In the context of distributed heterogeneous systems, this means that data security can be ensured through intelligent access control, monitoring of anomalous activity, and dynamic response to potential threats.
One of the main advantages of MAS is the possibility of decentralized security control, which
reduces the risk of compromising the central controller and allows for more efficient threat detection
and localization. For example, in distributed environments, each node or subsystem can have its own
security agent that analyses traffic, checks access rights, monitors data leakage attempts, and
interacts with other agents to share information about potential risks [
In addition, MASs can provide proactive management of sensitive information by implementing mechanisms to dynamically adjust access levels and using machine learning techniques to predict threats. For example, agents can analyze user behavioral patterns and detect anomalies that may indicate an unauthorized access attempt or data leakage.
Another important aspect is the ability of agents to learn and adapt to new threats. In this context, MAS can be integrated with artificial intelligence technologies to enhance the ability to analyze and respond to cyber threats in real time. It is also possible to use agents to manage distributed cryptographic mechanisms, such as dynamic encryption and key distribution, which provides an additional layer of protection.
In general, the concept of multi-agent systems has significant potential for developing the architecture of distributed heterogeneous systems with increased resistance to confidential information leakage. It provides autonomy, flexibility, adaptability, and decentralized decisionmaking, which are critical factors for data protection in complex computing environments.
There are a huge number of researches devoted to the leakage of confidential information problem.
In [
A study [
A study [
As digital interactions continue to expand, securing data privacy and system integrity has become
increasingly critical. A growing body of research has focused on advanced techniques for
safeguarding digital systems. For example, studies have highlighted the role of encryption
algorithms, biometric authentication, machine learning for anomaly detection, and blockchain
technology in forming a robust defense against evolving cyber threats. A notable contribution [
A study [11] explores the factors and components that shape IT security within the framework of professional ethics policies in municipal organizations. This applied-developmental and exploratory research employs a qualitative methodology, using semi-structured interviews with experts from both academic and executive backgrounds. The research identifies key dimensions impacting IT security, including professional ethics, commitment and responsibility, creativity and innovation, human resource management, human resource performance, and organizational structure. Notably, the study found that municipalities with institutionalized professional ethics principles demonstrated a greater ability to manage and control security issues, highlighting the importance of balancing contextual, behavioral, and structural dimensions for successful IT security management. The research also reveals that organizations with stronger ethical practices are more resilient in addressing and mitigating IT security challenges, providing valuable insights for improving IT security strategies in municipal settings.
Studies [12] emphasize the difficulty of detecting data leakage in biological datasets due to their high correlation and hidden dependencies. Some works propose verification methods such as stratified cross-validation or detailed sample analysis, but there is no universal solution. In this regard, a set of seven key questions was proposed to help identify and prevent data leakage when developing machine learning models in biological applications. The practical usefulness of such approaches was demonstrated on complex examples that require in-depth analysis of the sources of leakage. The researchers note that the use of the proposed questions contributes to increasing the reliability and reproducibility of machine learning in biological research, which is critical to ensuring the reliability of the obtained results.
A study [13] addresses these security challenges by proposing a novel security scheme for protecting Video-GIS data in an open and shared environment. This scheme combines digital watermarking and data encryption to safeguard the data. Video-GIS data is categorized into general and confidential types based on the presence of sensitive information within the image frames, with tailored security measures applied to each category. Experimental results demonstrate that the watermarking algorithm has minimal impact on the quality of the data while ensuring optimal invisibility and robustness.
A study [14] explores the security issues in SIS schemes derived from AB-SS, particularly in (2, n)-CRTSIS schemes, where a vulnerability in a single share image can be exploited to reveal confidential information, including secret pixel values and their ratios. To address these security concerns, the paper proposes an enhancement to the AB-SS core sharing principle by introducing a chain obfuscation technology based on the XOR operation. The resulting secure image sharing scheme, COxor-CRTSIS, employs integer linear programming to achieve lossless recovery without segmentation and eliminates potential risks of secret disclosure without requiring additional encryption.
A study [15] proposes a solution combining cryptography and image steganography to enhance cloud data protection. This approach utilizes the Advanced Encryption Standard (AES) for encryption, ensuring that data remains unreadable to unauthorized users, while Diffie-Hellman facilitates secure key exchange to further strengthen access control. Additionally, the encrypted data is hidden within digital images using Discrete Cosine Transform (DCT) steganography, adding an extra layer of security against potential breaches. The proposed method offers an effective solution to safeguard data confidentiality, integrity, and availability without impacting system performance.
A study [16] addresses this challenge by exploring the use of deep learning for HT detection. The paper compares deep learning-based detection methods with traditional approaches and introduces the deep support vector data description (Deep SVDD) model as a novel solution. The proposed method significantly outperforms existing detection techniques, achieving an average accuracy of 92.87%, compared to 50.00% for conventional methods.
A study [17] introduces a novel training policy designed to reduce training time within an FL environment using HE, while maintaining privacy. This approach progressively reduces the amount of training data and exchanges LR coefficients in a privacy-preserving manner. The research evaluates the performance of FL policies with HE-LR, showing that the proposed policy can accelerate training times by 12% to 69% compared to traditional FL approaches, with only a slight average accuracy decrease of 1.79% to 1.95%. This contribution provides valuable insights into optimizing training efficiency while ensuring privacy in federated learning settings.
A study by [18] proposes a hybrid secure technique to protect data during NoC transmission. The proposed approach combines the Noekeon and RSA algorithms to form a hybrid security model tailored for NoC architectures. The Noekeon algorithm, known for its high security, efficiency, flexibility, and resistance to side-channel attacks, is used to secure communications within the NoC. Additionally, the RSA encryption algorithm is modified to reduce computational overhead by minimizing the number of calculations. The proposed hybrid secure algorithm is tested on a 4 × 4 2D mesh NoC architecture, showing significant improvements in performance—an increase in average throughput by 64% and a reduction in latency by 51% compared to existing methods.
A study [19] proposes a novel security system that combines multiple cryptographic algorithms and steganography to enhance data protection in cloud storage. The proposed method utilizes fast and secure symmetric key algorithms, such as AES and DES, alongside the asymmetric RSA algorithm to create a robust encryption system. This hybrid approach leverages the strengths of each algorithm to safeguard data from unauthorized access.
A study [20] addresses this challenge by proposing a System-on-Chip (SoC) architecture that integrates the SHA-256 cryptographic algorithm to enhance data security within IoT environments. The paper emphasizes the use of SHA-256 due to its strong cryptographic properties, which provide a high level of data security and integrity. The proposed architecture includes six General Purpose Input/Output (GPIO) pins, enhancing the flexibility and adaptability of IoT devices. This design also integrates a Zynq UltraScale+ MPSoC board, using SHA-256 encryption to secure sensitive data transfers through end-to-end encryption. The system is further optimized with a Verilog implementation of the SHA-256 block, employing GPIO for input and I2C for communication with a camera, while utilizing SRAM connected to registers and an ALU. UART is used for output transfer, enabling further processing and analysis. The results demonstrate that the architecture not only offers robust security but also provides excellent power efficiency and performance, making it wellsuited for a wide range of IoT applications.
A study [21] proposes a robust ISS designed specifically for cloud computing, focusing on the integration of cryptographic techniques. The research combines the RSA-OAEP (Optimal Asymmetric Encryption Padding) algorithm with X.509 to develop a comprehensive security system. The paper further explores the role of various cryptographic methods, such as encryption, digital signatures, and key management, in protecting cloud-based systems. In addition, it discusses enhancing the detection and response capabilities of security systems by incorporating artificial intelligence (AI) algorithms, specifically Grubbs' Test, to identify potential threats.
A study [22] introduces the OctagonCryptoDataMR paradigm, which integrates cryptographic hash and encryption/decryption techniques within the MapReduce framework to enhance data security. The proposed model uses a position-based swing hill cipher at the "diminish" layer and a sequence rolling twofold hash technique at the "map" layer to safeguard data privacy. This approach employs straightforward cryptographic techniques to achieve complex and effective data security outcomes. Experimental results show that the proposed system not only ensures data privacy but also improves processing speed with minimal execution time, making it an efficient solution for enhancing data security in cloud computing environments.
The reviewed studies highlight the growing importance of securing digital systems, particularly in distributed environments where information security threats, such as data leakage, eavesdropping, and unauthorized access, continue to evolve. Research demonstrates that existing techniques, including anonymization, cryptographic methods, and artificial intelligence-driven security measures, contribute to enhancing confidentiality and resilience. However, challenges remain, particularly in balancing security, performance, and usability. Given the increasing complexity of IT infrastructures – characterized by their distributed and heterogeneous nature – there is a critical need to develop new approaches for modeling such systems to ensure resilience against confidential information leakage. A robust model should incorporate dynamic security strategies, adaptive encryption techniques, and intelligent threat detection mechanisms while maintaining system performance. Furthermore, integrating emerging technologies such as federated learning, blockchain, and privacy-preserving computation can enhance security without compromising efficiency.
Thus, research should focus on designing comprehensive frameworks that address the unique challenges posed by distributed heterogeneous systems, ensuring confidentiality, integrity, and availability in increasingly interconnected digital environments.
a multi-agent system
Let us present the IT infrastructure in terms of a distributed heterogeneous system as a multi-agent system [23]. IT infrastructure of an enterprise includes several components, each of which performs a specific function in the system. A multi-agent system (MAS) provides distributed data processing, process automation, and adaptability to changes.
Let us present the mathematical model of a multi-agent system (MAS) is based on the formalization of the interaction between agents, the description of their behavior, goals, and environment. Here are the main components of the mathematical model of such a system: = { 1 , 2, 3 , 4 }, 4 using communication protocols.
Each agent is defined as: where is a set of agents, that include: providing information, or supporting decisions; 1 – set of user agents that interact with users to perform tasks such as processing requests, components, analyze log files, and warn about possible failures; 2 – set of service agents, that provide access to external and internal services;
3 – set of monitoring agents, that monitor the status of the system, network, or individual – set of communication agents, that are responsible for exchanging data between different agents = 〈 , , Π , Φ , Ω , С 〉, – set of agent states ; – the set of actions that an agent can perform; Π – the agent's strategy or policy that determines the choice of action in a particular state: where – agent observation; Φ – utility function or objective function that defines the agent's goals; Ω – a set of resources available to the agent.
Let us describe the environment with its states as a set: С – a communication model that defines how an agent exchanges information with other agents. Π ∶ ×
→ , S = { 1, 2, … }. ∶ × → , (1) (2) (3) (4) (5)
Let us describe the environmental dynamics function as: where is the change in the state of the environment as a result of the actions of agents.
The interaction between agents can be presented as the communication graph: – the state of the agent at time ; – information received through communication. – the action chosen by the agent at the moment ; an agent's observations of the environment or other agents;
To describe the interaction of an agent with the environment let us present the result of the agent's actions on the environment as:
+1 = ( { 1, 2, … }). goal is to maximize it: To describe the efficient system functioning let us present the utility function, where the agent's that the agent can be exchange via information . where ℰis the set of edges representing the connections between agents. An edge ∈ ℰ means In order to describe the system dynamics, let us present the agent state transition model. The state of each agent changes according to the function: = ( , ℰ), +1 = ( , , , ),
= ∑∞=0 γ
Φ ( , ) ,
3.3. Distributed model
optimization:
(6)
(7)
(8)
(8)
(9)
(10)
(11)
(12)
Φ ( , ) – the agent's utility at time t, γ ∈ [
= ∑ =1 .
{П1, … П } To present the distributed data processing let us show how each agent performs local arg П
. П∗, П_∗ ≥ П∗, П_∗ ,
Provided that there is consistency with the global goal through a mechanism of communication and joint information exchange.
To ensure balance in the system, the interaction of agents can be described through a Nash equilibrium, when no agent can improve its outcome by changing only its own strategy:
To achieve the goals, a consensus algorithm for the exchange protocols is used: +1 = ∑ ∈ +1, where are the agent's neighbors , are the weights of the communication graph. (13) (14) (15) (16) (17) (18)
To improve security and control over the enterprise's IT infrastructure, the multi-agent system is supplemented with monitoring and data integrity functionality. The main goal is to detect anomalies, prevent data theft, and ensure the system's resilience to cyberattacks.
Let us denote the agents and their functions for monitoring via the Monitoring agent , which monitors system logs, network traffic, and user activity, uses anomaly detection techniques (machine learning, threshold models), and responds to suspicious activity by generating alarms; the Integrity agent , which uses hash functions ( ) to verify the integrity of critical data, compares checksums of files and databases in real time, triggers a recovery mechanism when changes are detected in critical files; and the Security agent , which controls access to confidential information using authentication and authorization policies, blocks suspicious connections and requests that may cause data leakage, uses cryptographic algorithms to encrypt data transmitted between agents.
The multi-agent system is supplemented with new components, and its model is expanded with the anomaly monitoring, where each user request is modeled as a vector of behavioral parameters: where is the access time, is the data volume, Let us define the anomaly detection function as follows: is the type of request. = { , ,
} , ( ) = 1, ( , ) < , 0, otherwise where ( , ) is the distance from the average behavioral profile, λ is the anomaly threshold.
Let us present the data integrity verification model. For each critical file or database record, a hash sum is calculated: and the comparison of checksums at different points in time: Where if ΔH≠0Δ, verification is started and a rollback to the backup copy is possible. Access is controlled through the RBAC (Role-Based Access Control) policy: ( ) =
256( ) , Δ = ( ) − ( − 1) , ( , ) = 1, ∈ , 0, otherwise where is the user,
is the set of allowed roles for accessing the resource.
Experimental studies of the proposed multi-agent model of the enterprise IT infrastructure involved testing its efficiency, stability and adaptability in various operating scenarios. For this purpose, a simulation environment (Matlab/Simulink [24, 25]) was deployed that simulated the real infrastructure, including databases, network interaction and communication between agents. For this purpose, a set of test scenarios was created that take into account normal and critical operating conditions.
At the initial stage, agents were initialized, which interact with each other and with the environment according to the defined rules. The next step was to determine performance metrics such as query processing time, resource usage and fault tolerance level.
The first experiment was aimed at assessing the basic performance of the system at nominal load. Each agent performed its functions under standard conditions, and key performance indicators were recorded.
Next, a series of stability experiments were conducted, simulating failures of individual system components, server failures, or loss of communication between agents. The model was evaluated by the speed of recovery and the efficiency of load balancing between agents. Special attention is paid to self-healing mechanisms and automatic task redistribution. Another direction was the study of the scalability of the system.
In this experiment, the number of agents and the volume of processed requests gradually increased. At the same time, communication delays, the efficiency of computing resources, and stability of operation with increasing load were analyzed.
The last stage included testing the system's adaptability to changes in the environment. For this, changes were made to the rules of interaction between agents, the configuration of resources, and network parameters, which allowed us to assess the system's ability to adapt to new conditions. The results obtained are compared with the expected indicators, and on this basis, conclusions are drawn about the effectiveness of the proposed model.
The following key metrics are used to evaluate the performance of the proposed multi-agent system of the enterprise IT infrastructure: • • • • • • •
Failure tolerance fail; request processing time - the average time required by the agent to execute the received request; system throughput - the number of requests processed by the system per unit of time; agent load - the average level of resource utilization of each agent;
- the probability of correct system operation when some of the agents scalability - the dependence of performance on the number of agents and load; recovery time - the average time required to restore the system after a failure; Communication efficiency - the average data transfer time between agents.
MAS stability test results are presented in Table 1. ms 5.2 30% Rejection of Agents Scaling (+50% agents) Changing the environment 98.0 92.5
The system demonstrates high efficiency at nominal load, quickly adapts to changes and has a high level of resilience to agent failures. The scalability of the system allows for increased throughput when adding new agents, although communication efficiency decreases somewhat with a significant increase in load. Recovery time after failures remains within acceptable limits, which confirms the reliability of the multi-agent model.
Let us describe the scenarios for executing an experiment when attacking IT infrastructure. To evaluate the operation of a multi-agent system with data monitoring and protection functions, a series of experiments is carried out aimed at determining the time of attack detection, detection accuracy, speed of data integrity verification and success of recovery after an attack.
An attacker carries out an SQL injection attack in an attempt to gain unauthorized access to sensitive information by inserting malicious SQL queries into form input fields. The course of the experiment:
Abnormal behavior is detected using a threshold model of deviations. Security agent blocks a suspicious request.
The integrity agent checks if there have been any changes to the database. Test results are presented in Table 2.
A malicious script is downloaded to the server that secretly copies sensitive files and sends them to an external server.
The course of the experiment:
The monitoring agent analyzes files sent outside the network.
Abnormal use of resources and network traffic is detected.
The security agent isolates the process and terminates the connection.
The integrity agent checks the hashes of the files and performs the recovery. Test results are presented in Table 3.
No 1 2 3 4 5 6 7 8 9 10
The attacker sends an email with a fake link that directs the employee to a malicious site to enter credentials.
The course of the experiment:
The monitoring agent scans emails for suspicious attachments and links.
A URL leading to a phishing site is revealed.
The security agent blocks access to the site.
The integrity of credentials and the user's login history are checked.
Test results are presented in Table 4.
The attacker tries to guess the administrator's password by repeatedly trying to log in (brute-force).
The course of the experiment:
The monitoring agent captures a suspicious number of failed login attempts. The security agent automatically blocks the attacker's IP address.
The integrity agent checks to see if there have been any changes to the access entries.
The system effectively detects various types of attacks, ensuring a quick response and minimizing the risk of data theft. The best results are demonstrated in brute-force attacks and SQL injections thanks to operational monitoring of requests. The longest detection time was recorded in an attack through malicious software, which is associated with the need to analyze network traffic. In general, the system is able to respond quickly to threats, block abnormal activity and guarantee a high success rate of data recovery in the event of an attack.
This study introduced a novel model for a distributed heterogeneous system designed to enhance cybersecurity through a multi-agent approach. By incorporating autonomous security agents, the system enables real-time monitoring, anomaly detection, and adaptive access control, significantly improving resilience against cyber threats such as SQL injections, malware, phishing, and brute-force attacks. The mathematical framework developed in this research formalizes agent interactions and decision-making, ensuring an adaptive and scalable security mechanism.
Experimental validation confirms that the proposed approach enhances threat detection accuracy and reduces response time, minimizing the risk of unauthorized data exposure. The findings of this research contribute to the development of more secure distributed computing environments, offering a robust and flexible security architecture suitable for modern digital infrastructures. Future work may explore the integration of machine learning techniques to further optimize agent-based security mechanisms.
During the preparation of this work, the authors used Grammarly in order to: grammar and spelling check; DeepL Translate in order to: some phrases translation into English. After using these tools/services, the authors reviewed and edited the content as needed and take full responsibility for the publication’s content.